Controlling the flow to your intranet.
By Mark Gibbs
Connecting your intranet to the Internet without an effective firewall is unthinkable: you absolutely have to control which packets from what addresses carrying which protocols go where. In the absence of such controls, the value derived from intranet service can be outweighed by the dollar losses incurred by misuse and from hacking.
Given that this critical need can be expressed in terms of dollars saved or at risk, it is not surprising that many highly competitive players are attracted to the firewall market. And it's no wonder Microsoft Corp. has joined the fray.
The Microsoft Proxy Server, an easy-to-use Windows NT-specific firewall system, supports market-standard protocols and proxy techniques and provides excellent systems integration and reporting facilities. Competitively priced at $995, it will appeal to those intranet managers who are committed to a Microsoft-supplied infrastructure and to those who are merely looking for an effective and simple solution.
Taking requests
Proxy Server comprises Web and WinSock components. The CERN-compliant Web Proxy Server can handle the File Transfer Protocol (FTP), HTTP and Gopher protocols. It also supports tunneling of Secure Sockets Layer (SSL) requests so you can provide access to Web servers via secure connections. Any application on any operating system that can be configured for a CERN-compliant proxy will work with Proxy Server.
The WinSock Proxy Server handles other TCP/IP protocols, including Internet Relay Chat for real-time chat, the Network News Transport Protocol for newsgroups, Post Office Protocol 3 and Simple Mail Transfer Protocol for e-mail, RealAudio for streaming audio and VDOLive for streaming video. At present, this proxy server supports Windows clients using WinSock Version 1.1. Microsoft expects to support WinSock 2.0 in the next version, but it hasn't committed to a release date.
The WinSock Proxy Server requires installation of client software that has a dynamic link library (DLL) supplementing the WINSOCK.DLL. This additional DLL intercepts Windows socket calls, examines them and, if the destination is local, hands them over to the original WinSock DLL. If the destination is not local, the DLL routes the call to the WinSock Proxy Server.
Of value for NetWare sites, Microsoft uses IPX, not TCP/IP, as the transport for WinSock Proxy Server access. Microsoft Proxy Server performs all the conversions to and from IPX and TCP/IP and, in effect, treats all requests as if for remote locations.
Microsoft 'caches' on
Proxy servers can minimize bandwidth consumption and improve performance through the use of caching technology. With caching, the server keeps a copy of data it retrieves, so when the client requests that data again, the server can return it from the cache rather than getting another copy from the target server.
Microsoft Proxy Server only caches Web data. Microsoft has not announced plans for expanding caching to FTP or Gopher data. For Proxy Server's cache, Microsoft recommends a minimum allocation of at least 100M bytes, plus 0.5M bytes for each Web proxy service client, rounded up to the nearest full megabyte. Providing proxy service to 50 Web clients, for example, calls for at least a 125M-byte cache.
Intranet managers can control the way Proxy Server performs the caching by setting the amount of time that cached data is retained before it expires and needs refreshing. The data retention period is called Time-to-Live (TTL). They also can control to what degree active caching is used. Active caching is a sophisticated mechanism that refreshes data in the cache without client requests forcing the update. The server automatically refreshes the cache based on how often the data is requested.
While intranet managers can adjust the TTL and active caching mechanisms, automatic analysis of cache activity determines the final caching behavior.
Control and logging
The most important aspects of the Proxy Server are its abilities to control who is allowed to do what, when and to where and its ability to monitor activity.
When configuring the two distinct Proxy Server components, you can control which users and groups, as defined in the Windows NT User Manager for Domains, are allowed to access the Web and WinSock proxy servers. Importantly, intranet managers also have the option of filtering requests to either specifically allow or deny access to servers by domain or IP network or node address.
What's more, extensive logging is available with the Web and WinSock components. Proxy Server can log access data to flat files or SQL databases. And for the flat-file logging, you can automatically create files for each day, week, month or when the log file reaches a certain size.
Up and running
Microsoft Proxy Server is actually an Internet Information Server (IIS) service. So to operate it, you have to install the IIS Web server first.
Proxy Server installation is easy, only taking perhaps 10 minutes. The installation guide is an HTML document set, which is in line with Microsoft's general move to electronic manuals. Proxy Server's online documentation is excellent.
I found no problems with any aspect of the product's installation or operation. The interaction of Proxy Server with Remote Access Server connections was flawless (though for dial-up connections the setup time usually causes the browser to time out before the connection completes), and the translation to and from IPX is transparent.
Unlike some other proxy service products I've tried, the performance penalty involved with Proxy Server appears negligible. In high-traffic situations, the performance of the hardware on which Proxy Server runs will have an impact on throughput.
That said, I suspect that when using a 166-MHz Pentium-based system and interfacing to a T-1 line, the wide-area service will saturate before the proxy server.
Intranet value
The Microsoft Proxy Server is a well-designed product perfect for intranet use. It combines a broad range of protocol support with sophisticated caching and integration with the IIS service manager and performance monitor.
In addition, third-party vendors can add functionality to Proxy Server. For instance, Trend Communications has produced an add-on that performs virus detection and removal.
In short, Microsoft Proxy Server makes controlling the which-what-where of intranet connectivity a whole lot easier.